Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach
Cyber incidents are among the most critical business risks for organisations and can lead to large financial losses. However, previous research on loss modelling is based on unassured data sources because the representativeness and completeness of op-risk databases cannot be assured. Moreover, there...
Main authors: | , , |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | Palgrave Macmillan UK 2023 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10100641/ https://www.ncbi.nlm.nih.gov/pubmed/37207019 http://dx.doi.org/10.1057/s41288-023-00293-x |
_version_ | 1785025321578266624 |
---|---|
author | von Skarczinski, Bennet Raschke, Mathias Teuteberg, Frank |
author_facet | von Skarczinski, Bennet Raschke, Mathias Teuteberg, Frank |
author_sort | von Skarczinski, Bennet |
collection | PubMed |
description | Cyber incidents are among the most critical business risks for organisations and can lead to large financial losses. However, previous research on loss modelling is based on unassured data sources because the representativeness and completeness of op-risk databases cannot be assured. Moreover, there is a lack of modelling approaches that focus on the tail behaviour and adequately account for extreme losses. In this paper, we introduce a novel ‘tempered’ generalised extreme value (GEV) approach. Based on a stratified random sample of 5000 interviewed German organisations, we model different loss distributions and compare them to our empirical data using graphical analysis and goodness-of-fit tests. We differentiate various subsamples (industry, size, attack type, loss type) and find our modified GEV outperforms other distributions, such as the lognormal and Weibull distributions. Finally, we calculate losses for the German economy, present application examples, derive implications as well as discuss the comparison of loss estimates in the literature. |
format | Online Article Text |
id | pubmed-10100641 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | Palgrave Macmillan UK |
record_format | MEDLINE/PubMed |
spelling | pubmed-101006412023-04-14 Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach von Skarczinski, Bennet Raschke, Mathias Teuteberg, Frank Geneva Pap Risk Insur Issues Pract Article Cyber incidents are among the most critical business risks for organisations and can lead to large financial losses. However, previous research on loss modelling is based on unassured data sources because the representativeness and completeness of op-risk databases cannot be assured. Moreover, there is a lack of modelling approaches that focus on the tail behaviour and adequately account for extreme losses. In this paper, we introduce a novel ‘tempered’ generalised extreme value (GEV) approach. Based on a stratified random sample of 5000 interviewed German organisations, we model different loss distributions and compare them to our empirical data using graphical analysis and goodness-of-fit tests. We differentiate various subsamples (industry, size, attack type, loss type) and find our modified GEV outperforms other distributions, such as the lognormal and Weibull distributions. Finally, we calculate losses for the German economy, present application examples, derive implications as well as discuss the comparison of loss estimates in the literature. Palgrave Macmillan UK 2023-04-13 2023 /pmc/articles/PMC10100641/ /pubmed/37207019 http://dx.doi.org/10.1057/s41288-023-00293-x Text en © The Author(s) 2023 https://creativecommons.org/licenses/by/4.0/Open AccessThis article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. 
The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ (https://creativecommons.org/licenses/by/4.0/) . |
spellingShingle | Article von Skarczinski, Bennet Raschke, Mathias Teuteberg, Frank Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach |
title | Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach |
title_full | Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach |
title_fullStr | Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach |
title_full_unstemmed | Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach |
title_short | Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach |
title_sort | modelling maximum cyber incident losses of german organisations: an empirical study and modified extreme value distribution approach |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10100641/ https://www.ncbi.nlm.nih.gov/pubmed/37207019 http://dx.doi.org/10.1057/s41288-023-00293-x |